An advanced threat actor has been spotted using distinctive, novel methods to backdoor French entities in the construction, real estate, and government industries.
How the attack unfolds
The attack starts with a well-known technique – emails containing a macro-enabled Microsoft Word document masquerading as information relating to the GDPR – and ends up with an attempt to install a backdoor on target systems. What happens in between those steps, though, is what makes these attacks interesting.
